CVE Vulnerabilities

CVE-2011-4357

Use of Externally-Controlled Format String

Published: Dec 10, 2011 | Modified: Apr 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.

Weakness

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Software

Name Vendor Start Version End Version
Clearsilver Brandon_long * 0.10.5 (including)
Clearsilver Brandon_long 0.1 (including) 0.1 (including)
Clearsilver Brandon_long 0.2 (including) 0.2 (including)
Clearsilver Brandon_long 0.2.1 (including) 0.2.1 (including)
Clearsilver Brandon_long 0.3 (including) 0.3 (including)
Clearsilver Brandon_long 0.4 (including) 0.4 (including)
Clearsilver Brandon_long 0.5 (including) 0.5 (including)
Clearsilver Brandon_long 0.6 (including) 0.6 (including)
Clearsilver Brandon_long 0.7 (including) 0.7 (including)
Clearsilver Brandon_long 0.7.1 (including) 0.7.1 (including)
Clearsilver Brandon_long 0.7.2 (including) 0.7.2 (including)
Clearsilver Brandon_long 0.8.0 (including) 0.8.0 (including)
Clearsilver Brandon_long 0.8.1 (including) 0.8.1 (including)
Clearsilver Brandon_long 0.9.0 (including) 0.9.0 (including)
Clearsilver Brandon_long 0.9.1 (including) 0.9.1 (including)
Clearsilver Brandon_long 0.9.2 (including) 0.9.2 (including)
Clearsilver Brandon_long 0.9.3 (including) 0.9.3 (including)
Clearsilver Brandon_long 0.9.6 (including) 0.9.6 (including)
Clearsilver Brandon_long 0.9.7 (including) 0.9.7 (including)
Clearsilver Brandon_long 0.9.14 (including) 0.9.14 (including)
Clearsilver Brandon_long 0.10.1 (including) 0.10.1 (including)
Clearsilver Brandon_long 0.10.2 (including) 0.10.2 (including)
Clearsilver Brandon_long 0.10.3 (including) 0.10.3 (including)
Clearsilver Brandon_long 0.10.4 (including) 0.10.4 (including)
Clearsilver Ubuntu devel *
Clearsilver Ubuntu hardy *
Clearsilver Ubuntu lucid *
Clearsilver Ubuntu maverick *
Clearsilver Ubuntu natty *
Clearsilver Ubuntu oneiric *
Clearsilver Ubuntu precise *
Clearsilver Ubuntu quantal *
Clearsilver Ubuntu raring *
Clearsilver Ubuntu saucy *
Clearsilver Ubuntu upstream *

Potential Mitigations

References